smokeloader | a74cc0ccf2620478a1e414c16ea4228b065d644464ebe1efb2634e2244f3f658 | Triage

Sharing

General

Target

a74cc0ccf2620478a1e414c16ea4228b065d644464ebe1efb2634e2244f3f658
Size

241KB
Sample

220127-csyrpsebbq
MD5

8ae45803f89e8d534484789e4f7d9e12
SHA1

1cb1dd51daf841695a4840072c8c8d62c2f21ee3
SHA256

a74cc0ccf2620478a1e414c16ea4228b065d644464ebe1efb2634e2244f3f658
SHA512

61a3db5a8f20675768fdd37a4f3ebb7ef9287fd5bda2c9789f99ef3f8c032feafc86bac4f009ab1cafacbdc686b673e3f9c814b6d30486e56adb7f1233d777bb

Score

10^/10

smokeloader backdoor persistence trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

rc4.i32

rc4.i32

Targets

- Target
  
  a74cc0ccf2620478a1e414c16ea4228b065d644464ebe1efb2634e2244f3f658
- Size
  
  241KB
- MD5
  
  8ae45803f89e8d534484789e4f7d9e12
- SHA1
  
  1cb1dd51daf841695a4840072c8c8d62c2f21ee3
- SHA256
  
  a74cc0ccf2620478a1e414c16ea4228b065d644464ebe1efb2634e2244f3f658
- SHA512
  
  61a3db5a8f20675768fdd37a4f3ebb7ef9287fd5bda2c9789f99ef3f8c032feafc86bac4f009ab1cafacbdc686b673e3f9c814b6d30486e56adb7f1233d777bb
Score

10^/10

smokeloader backdoor persistence trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoorpersistencetrojan